Adherence to data protection measures such as pseudonymization or anonymization is critical in human subjects research because it has a direct impact on the confidentiality of participants' sensitive information, trust in research practices, and compliance with ethical and legal standards. Regulations such as the General Data Protection Regulation (GDPR) and guarantees made by researchers in informed consent forms mandate strict protocols for data security. However, compliance with these is not always straightforward. To gain qualitative insights into data protection practices in the field of Usable Security and Privacy (USP), we conducted interviews with 22 practitioners (five professors, eight researchers, nine data protection officers) and one focus group with five researchers. Overall, our results show a high awareness of ethical and legal responsibilities but highlight many practical and procedural issues. Based on these, we make concrete recommendations on how to improve the protection of personal data in research.
https://dl.acm.org/doi/10.1145/3706598.3713654
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)